Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MongoHealthIndicator does not function for encrypted MongoClient #269

Open
j1m-renwick opened this issue Mar 3, 2022 · 5 comments
Open

MongoHealthIndicator does not function for encrypted MongoClient #269

j1m-renwick opened this issue Mar 3, 2022 · 5 comments
Labels
type: bug Something isn't working type: improvement A minor improvement to an existing feature

Comments

@j1m-renwick
Copy link

Expected Behavior

Application starts up no errors

Actual Behaviour

Then the following error appears in the logs:

[default-nioEventLoopGroup-1-3] ERROR i.m.m.health.indicator.HealthResult - Health indicator [mongodb (Primary)] reported exception: com.mongodb.MongoClientException: Exception in encryption library: command not supported for auto encryption: buildinfo

This seems to be because MongoHealthIndicator uses the "buildinfo" command, which isn't a command that the mongocrypt library currently considers bypassable (https://jira.mongodb.org/projects/MONGOCRYPT/issues/MONGOCRYPT-308; https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/client-side-encryption.rst#libmongocrypt-auto-encryption-allow-list).

In order to support encryption, either the hardcoded command needs to be a bypassable one, or users should be able to configure the command to run in their YAML.

Steps To Reproduce

Specify an encrypted MongoClient bean to be eagerly created at startup, i.e.:

@Factory
class MongoFactory {

    @Context
    MongoClient mongoClient() {
           (...create the CSFLE client here)
   }

Start application and observe logs

Environment Information

  • MacOS Monterey 12.2.1
  • SDK 1.8.0_211

Example Application

No response

Version

2.3.1
@j1m-renwick
Copy link
Author

UPDATE - https://jira.mongodb.org/projects/MONGOCRYPT/issues/MONGOCRYPT-308 has added buildInfo to the list of bypassable commands, but I think that because the MongoHealthIndicator class calls buildinfo instead (note the lower case), it isn't passing the check as per mongodb/libmongocrypt@591bcfa. So I think the fix is now just a matter of changing the buildinfo call to buildInfo. Happy to raise a PR if needed.

@graemerocher
Copy link
Contributor

can be disabled with:

endpoints.health.mongodb.enabled=false

@j1m-renwick
Copy link
Author

I still wanted to use the health indicator, I just wanted it to work for encrypted client. Currently we're just replacing the class with our own that uses ping (which is flagged as bypassable) instead of buildinfo, but would be nice to not have to do this.

@j1m-renwick
Copy link
Author

should I raise a PR for this change (buildinfo -> buildInfo) ?

@graemerocher
Copy link
Contributor

sure, contributions welcome

@sdelamo sdelamo added the type: improvement A minor improvement to an existing feature label Jan 9, 2024
@sdelamo sdelamo removed this from 4.4.0 Release Apr 16, 2024
@sdelamo sdelamo added the type: bug Something isn't working label Apr 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug Something isn't working type: improvement A minor improvement to an existing feature
Projects
No open projects
4.5.0 Release
Status: No status
Milestone
No milestone
Development

No branches or pull requests
3 participants
@graemerocher @sdelamo @j1m-renwick